Cities report a sharp increase in ransomware attacks

Ransomware attacks on local governments are becoming more frequent and complex, and having a bigger impact, according to new research from technology company Sophos.

Cities are bolstering their defences to fight back but gaps remain.

In the survey, 58 percent of local government respondents said their organisations were hit by ransomware in 2021, up from 34 percent in 2020.

Further, 59 percent perceived an increase in the volume of attacks over the last year, the same number reported growing attack complexity, and 56 percent said cyber-attacks were having a greater impact.

Attackers’ methods are becoming more sophisticated with the use of AI and automation technology, Sophos said.

There has also been a considerable increase in extortion-only attacks affecting state and local government organisations over the last year, bucking a downward trend in other sectors.

The report notes: “The global drop is likely a result of adversaries combining both ransomware and extortion in their attacks in an effort to increase pay-out rates.

“It will be interesting to see from next year’s results whether the 2021 state and local government experience reflects a lag behind other sectors or an ongoing situation.”

Encryption

Almost three-quarters of state and local governments that suffered a ransomware attack had their data encrypted. Most (99 percent) got some encrypted data back but the amount they recovered is down from 70 percent to 58 percent.

Six in ten used back-ups to recover data, compared to a cross-sector average of seven in ten.

“This indicates that there are immediate opportunities for this sector to strengthen its attack resilience by improving its ability to use back-ups to restore encrypted data,” according to Sophos.

A third of state and local government organisations paid a ransom, down from 42 percent in 2020. Almost half (45 percent) said they used other means to restore data and 37 percent used more than one method.

“These numbers demonstrate that many state and local government organisations are using multiple restoration approaches in parallel to maximise the speed and efficacy with which they can get back up and running,” the report says.

It adds: “At best, paying ransom generally only results in the partial restoration of encrypted data.”

Cyber insurance

Eight in ten state and local governments have insurance against ransomware attacks but many reported that fewer providers are offering this cover and policies are becoming more complex and expensive.

Growing insurance requirements are pushing governments to implement new cybersecurity technologies, training and processes.

“While getting the initial buy-in may be hard, in the long term, pre-emptive cybersecurity measures are a far better alternative than bolstering defences after an attack,” said Chester Wisniewski, principal research scientist, Sophos.

The company recommends that local governments deploy ‘threat hunters’, make back-ups and test them, and create a plan in case of a cybersecurity incident.

Sophos commissioned research agency Vanson Bourne to conduct a survey of 5,600 IT professionals in mid-sized organizations across 31 countries in January and February 2022, including 199 respondents from state and local government.